Lucene search

F5F5:K000139691

HistoryMay 21, 2024 - 12:00 a.m.

K000139691: Python vulnerabilities CVE-2022-48565, CVE-2018-1000802 and CVE-2016-9063

2024-05-2100:00:00

my.f5.com

python

cve-2022-48565

cve-2018-1000802

cve-2016-9063

xxe

command injection

integer overflow

buffer overflow

arbitrary code execution

8.4 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%

JSON

Security Advisory Description

CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

CVE-2016-9063

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

Impact

Attackers may be able to trigger buffer overflows which can be used to execute arbitrary code.

Affected configurations

Vulners

Node

f5big\-ip_nextMatch20.0.1

f5big\-ip_nextMatch20.0.2

f5big\-ip_nextMatch20.1.0

f5big\-ip_nextMatch20.1.1

f5big\-ip_nextMatch20.2.0

f5big\-ip_nextMatch1.1.0

f5big\-ip_nextMatch1.1.1

f5big\-ip_nextMatch1.2.0

f5big\-ip_nextMatch1.2.1

f5big\-ip_nextMatch1.3.0

f5big\-ip_nextMatch1.1.0

f5big\-ip_nextMatch1.1.1

f5big\-ip_nextMatch1.2.0

f5big\-ip_nextMatch1.2.1

f5big\-ip_nextMatch1.3.0

f5big\-ip_nextMatch1.1.0

f5big\-ip_nextMatch1.1.1

f5big\-ip_nextMatch1.2.0

f5big\-ip_nextMatch1.2.1

f5big\-ip_nextMatch1.3.0

f5big\-ip_ltmMatch20.0.1

f5big\-ip_ltmMatch20.0.2

f5big\-ip_ltmMatch20.1.0

f5big\-ip_ltmMatch20.2.0

f5big\-ip_nextMatch1.5.0

f5big\-ip_nextMatch1.6.0

f5big\-ip_nextMatch1.7.0

f5big\-ip_nextMatch1.7.1

f5big\-ip_nextMatch1.7.2

f5big\-ip_nextMatch1.7.3

f5big\-ip_nextMatch1.7.4

f5big\-ip_nextMatch1.7.5

f5big\-ip_nextMatch1.7.6

f5big\-ip_nextMatch1.7.7

f5big\-ip_nextMatch1.7.8

f5big\-ip_nextMatch1.8.0

f5big\-ip_nextMatch1.8.2

f5big\-ip_nextMatch1.9.0

f5big\-ip_nextMatch1.9.1

f5big\-ip_nextMatch20.0.1

f5big\-ip_nextMatch20.0.2

f5big\-ip_nextMatch20.1.0

f5big\-ip_nextMatch20.2.0

f5big\-ipMatch15.1.0

f5big\-ipMatch15.1.1

f5big\-ipMatch15.1.10

f5big\-ipMatch15.1.2

f5big\-ipMatch15.1.3

f5big\-ipMatch15.1.4

f5big\-ipMatch15.1.5

f5big\-ipMatch15.1.6

f5big\-ipMatch15.1.7

f5big\-ipMatch15.1.8

f5big\-ipMatch15.1.9

f5big\-ip_afmMatch15.1.0

f5big\-ip_afmMatch15.1.1

f5big\-ip_afmMatch15.1.10

f5big\-ip_afmMatch15.1.2

f5big\-ip_afmMatch15.1.3

f5big\-ip_afmMatch15.1.4

f5big\-ip_afmMatch15.1.5

f5big\-ip_afmMatch15.1.6

f5big\-ip_afmMatch15.1.7

f5big\-ip_afmMatch15.1.8

f5big\-ip_afmMatch15.1.9

f5big\-ip_afmMatch16.1.0

f5big\-ip_afmMatch16.1.1

f5big\-ip_afmMatch16.1.2

f5big\-ip_afmMatch16.1.3

f5big\-ip_afmMatch16.1.4

f5big\-ip_afmMatch17.1.0

f5big\-ip_afmMatch17.1.1

f5big\-ip_analyticsMatch15.1.0

f5big\-ip_analyticsMatch15.1.1

f5big\-ip_analyticsMatch15.1.10

f5big\-ip_analyticsMatch15.1.2

f5big\-ip_analyticsMatch15.1.3

f5big\-ip_analyticsMatch15.1.4

f5big\-ip_analyticsMatch15.1.5

f5big\-ip_analyticsMatch15.1.6

f5big\-ip_analyticsMatch15.1.7

f5big\-ip_analyticsMatch15.1.8

f5big\-ip_analyticsMatch15.1.9

f5big\-ip_analyticsMatch16.1.0

f5big\-ip_analyticsMatch16.1.1

f5big\-ip_analyticsMatch16.1.2

f5big\-ip_analyticsMatch16.1.3

f5big\-ip_analyticsMatch16.1.4

f5big\-ip_analyticsMatch17.1.0

f5big\-ip_analyticsMatch17.1.1

f5big\-ip_apmMatch15.1.0

f5big\-ip_apmMatch15.1.1

f5big\-ip_apmMatch15.1.10

f5big\-ip_apmMatch15.1.2

f5big\-ip_apmMatch15.1.3

f5big\-ip_apmMatch15.1.4

f5big\-ip_apmMatch15.1.5

f5big\-ip_apmMatch15.1.6

f5big\-ip_apmMatch15.1.7

f5big\-ip_apmMatch15.1.8

f5big\-ip_apmMatch15.1.9

f5big\-ip_apmMatch16.1.0

f5big\-ip_apmMatch16.1.1

f5big\-ip_apmMatch16.1.2

f5big\-ip_apmMatch16.1.3

f5big\-ip_apmMatch16.1.4

f5big\-ip_apmMatch17.1.0

f5big\-ip_apmMatch17.1.1

f5big\-ip_asmMatch15.1.0

f5big\-ip_asmMatch15.1.1

f5big\-ip_asmMatch15.1.10

f5big\-ip_asmMatch15.1.2

f5big\-ip_asmMatch15.1.3

f5big\-ip_asmMatch15.1.4

f5big\-ip_asmMatch15.1.5

f5big\-ip_asmMatch15.1.6

f5big\-ip_asmMatch15.1.7

f5big\-ip_asmMatch15.1.8

f5big\-ip_asmMatch15.1.9

f5big\-ip_asmMatch16.1.0

f5big\-ip_asmMatch16.1.1

f5big\-ip_asmMatch16.1.2

f5big\-ip_asmMatch16.1.3

f5big\-ip_asmMatch16.1.4

f5big\-ip_asmMatch17.1.0

f5big\-ip_asmMatch17.1.1

f5big\-ip_dnsMatch15.1.0

f5big\-ip_dnsMatch15.1.1

f5big\-ip_dnsMatch15.1.10

f5big\-ip_dnsMatch15.1.2

f5big\-ip_dnsMatch15.1.3

f5big\-ip_dnsMatch15.1.4

f5big\-ip_dnsMatch15.1.5

f5big\-ip_dnsMatch15.1.6

f5big\-ip_dnsMatch15.1.7

f5big\-ip_dnsMatch15.1.8

f5big\-ip_dnsMatch15.1.9

f5big\-ip_dnsMatch16.1.0

f5big\-ip_dnsMatch16.1.1

f5big\-ip_dnsMatch16.1.2

f5big\-ip_dnsMatch16.1.3

f5big\-ip_dnsMatch16.1.4

f5big\-ip_dnsMatch17.1.0

f5big\-ip_dnsMatch17.1.1

f5big\-ipMatch15.1.0

f5big\-ipMatch15.1.1

f5big\-ipMatch15.1.10

f5big\-ipMatch15.1.2

f5big\-ipMatch15.1.3

f5big\-ipMatch15.1.4

f5big\-ipMatch15.1.5

f5big\-ipMatch15.1.6

f5big\-ipMatch15.1.7

f5big\-ipMatch15.1.8

f5big\-ipMatch15.1.9

f5big\-ipMatch16.1.0

f5big\-ipMatch16.1.1

f5big\-ipMatch16.1.2

f5big\-ipMatch16.1.3

f5big\-ipMatch16.1.4

f5big\-ipMatch17.1.0

f5big\-ipMatch17.1.1

f5big\-ip_link_controllerMatch15.1.0

f5big\-ip_link_controllerMatch15.1.1

f5big\-ip_link_controllerMatch15.1.10

f5big\-ip_link_controllerMatch15.1.2

f5big\-ip_link_controllerMatch15.1.3

f5big\-ip_link_controllerMatch15.1.4

f5big\-ip_link_controllerMatch15.1.5

f5big\-ip_link_controllerMatch15.1.6

f5big\-ip_link_controllerMatch15.1.7

f5big\-ip_link_controllerMatch15.1.8

f5big\-ip_link_controllerMatch15.1.9

f5big\-ip_link_controllerMatch16.1.0

f5big\-ip_link_controllerMatch16.1.1

f5big\-ip_link_controllerMatch16.1.2

f5big\-ip_link_controllerMatch16.1.3

f5big\-ip_link_controllerMatch16.1.4

f5big\-ip_link_controllerMatch17.1.0

f5big\-ip_link_controllerMatch17.1.1

f5big\-ip_ltmMatch15.1.0

f5big\-ip_ltmMatch15.1.1

f5big\-ip_ltmMatch15.1.10

f5big\-ip_ltmMatch15.1.2

f5big\-ip_ltmMatch15.1.3

f5big\-ip_ltmMatch15.1.4

f5big\-ip_ltmMatch15.1.5

f5big\-ip_ltmMatch15.1.6

f5big\-ip_ltmMatch15.1.7

f5big\-ip_ltmMatch15.1.8

f5big\-ip_ltmMatch15.1.9

f5big\-ip_ltmMatch16.1.0

f5big\-ip_ltmMatch16.1.1

f5big\-ip_ltmMatch16.1.2

f5big\-ip_ltmMatch16.1.3

f5big\-ip_ltmMatch16.1.4

f5big\-ip_ltmMatch17.1.0

f5big\-ip_ltmMatch17.1.1

f5big\-ip_pemMatch15.1.0

f5big\-ip_pemMatch15.1.1

f5big\-ip_pemMatch15.1.10

f5big\-ip_pemMatch15.1.2

f5big\-ip_pemMatch15.1.3

f5big\-ip_pemMatch15.1.4

f5big\-ip_pemMatch15.1.5

f5big\-ip_pemMatch15.1.6

f5big\-ip_pemMatch15.1.7

f5big\-ip_pemMatch15.1.8

f5big\-ip_pemMatch15.1.9

f5big\-ip_pemMatch16.1.0

f5big\-ip_pemMatch16.1.1

f5big\-ip_pemMatch16.1.2

f5big\-ip_pemMatch16.1.3

f5big\-ip_pemMatch16.1.4

f5big\-ip_pemMatch17.1.0

f5big\-ip_pemMatch17.1.1

f5nginx_agentMatch2.17.0

f5nginx_agentMatch2.18.0

f5nginx_agentMatch2.19.0

f5nginx_agentMatch2.20.0

f5nginx_agentMatch2.20.1

f5nginx_agentMatch2.22.0

f5nginx_agentMatch2.22.1

f5nginx_agentMatch2.23.0

f5nginx_agentMatch2.23.1

f5nginx_agentMatch2.23.2

f5nginx_agentMatch2.23.3

f5nginx_agentMatch2.24.0

f5nginx_agentMatch2.24.1

f5nginx_agentMatch2.25.0

f5nginx_agentMatch2.25.1

f5nginx_agentMatch2.26.0

f5nginx_agentMatch2.26.1

f5nginx_agentMatch2.26.2

f5nginx_agentMatch2.27.0

f5nginx_agentMatch2.28.0

f5nginx_agentMatch2.28.1

f5nginx_agentMatch2.29.0

f5nginx_agentMatch2.30.0

f5nginx_agentMatch2.30.1

f5nginx_agentMatch2.30.2

f5nginx_agentMatch2.30.3

f5nginx_agentMatch2.31.0

f5nginx_agentMatch2.31.1

f5nginx_agentMatch2.31.2

f5nginx_agentMatch2.32.0

f5nginx_agentMatch2.32.1

f5nginx_agentMatch2.32.2

f5nginx_agentMatch2.33.0

f5nginx_api_connectivity_managerMatch1.0.0

f5nginx_api_connectivity_managerMatch1.1.0

f5nginx_api_connectivity_managerMatch1.1.1

f5nginx_api_connectivity_managerMatch1.2.0

f5nginx_api_connectivity_managerMatch1.3.0

f5nginx_api_connectivity_managerMatch1.3.1

f5nginx_api_connectivity_managerMatch1.4.0

f5nginx_api_connectivity_managerMatch1.4.1

f5nginx_api_connectivity_managerMatch1.5.0

f5nginx_api_connectivity_managerMatch1.6.0

f5nginx_api_connectivity_managerMatch1.7.0

f5nginx_api_connectivity_managerMatch1.8.0

f5nginx_api_connectivity_managerMatch1.9.0

f5nginx_api_connectivity_managerMatch1.9.1

f5nginx_api_connectivity_managerMatch1.9.2

f5nginx_app_protectMatch2.1.0

f5nginx_app_protectMatch2.2.0

f5nginx_app_protectMatch2.3.0

f5nginx_app_protectMatch2.4.0

f5nginx_app_protectMatch3.0.0

f5nginx_app_protectMatch3.1.0

f5nginx_app_protectMatch4.0.1

f5nginx_app_protectMatch4.1.0

f5nginx_app_protectMatch4.2.0

f5nginx_app_protectMatch4.3.0

f5nginx_app_protectMatch3.10.0

f5nginx_app_protectMatch3.11.0

f5nginx_app_protectMatch3.12.1

f5nginx_app_protectMatch3.12.2

f5nginx_app_protectMatch4.0.0

f5nginx_app_protectMatch4.1.0

f5nginx_app_protectMatch4.2.0

f5nginx_app_protectMatch4.3.0

f5nginx_app_protectMatch4.4.0

f5nginx_app_protectMatch4.5.0

f5nginx_app_protectMatch4.6.0

f5nginx_app_protectMatch4.7.0

f5nginx_app_protectMatch4.8.0

f5nginx_app_protectMatch4.8.1

f5nginx_app_protectMatch4.9.0

f5nginx_app_protectMatch5.0.0

f5nginx_app_protectMatch5.1.0

f5nginx_controllerMatch3.18.3

f5nginx_controllerMatch3.19.1-APIM

f5nginx_controllerMatch3.19.2-APIM

f5nginx_controllerMatch3.19.3-APIM

f5nginx_controllerMatch3.19.4-APIM

f5nginx_controllerMatch3.19.5-APIM

f5nginx_controllerMatch3.19.6-APIM

f5nginx_controllerMatch3.20.0

f5nginx_controllerMatch3.20.1

f5nginx_controllerMatch3.21.0

f5nginx_controllerMatch3.22.0

f5nginx_controllerMatch3.22.1

f5nginx_controllerMatch3.22.2

f5nginx_controllerMatch3.22.3

f5nginx_controllerMatch3.22.4

f5nginx_controllerMatch3.22.5

f5nginx_controllerMatch3.22.6

f5nginx_controllerMatch3.22.7

f5nginx_controllerMatch3.22.8

f5nginx_controllerMatch3.22.9

f5nginx_ingress_controllerMatch1.12.5

f5nginx_ingress_controllerMatch2.2.1

f5nginx_ingress_controllerMatch2.2.2

f5nginx_ingress_controllerMatch2.3.0

f5nginx_ingress_controllerMatch2.4.0

f5nginx_ingress_controllerMatch2.4.1

f5nginx_ingress_controllerMatch2.4.2

f5nginx_ingress_controllerMatch3.0.0

f5nginx_ingress_controllerMatch3.0.1

f5nginx_ingress_controllerMatch3.0.2

f5nginx_ingress_controllerMatch3.1.0

f5nginx_ingress_controllerMatch3.1.1

f5nginx_ingress_controllerMatch3.2.0

f5nginx_ingress_controllerMatch3.2.1

f5nginx_ingress_controllerMatch3.3.0

f5nginx_ingress_controllerMatch3.3.1

f5nginx_ingress_controllerMatch3.4.0

f5nginx_ingress_controllerMatch3.4.1

f5nginx_ingress_controllerMatch3.4.2

f5nginx_ingress_controllerMatch3.5.0

f5nginx_ingress_controllerMatch3.5.1

f5nginx_instance_managerMatch2.10.0

f5nginx_instance_managerMatch2.10.1

f5nginx_instance_managerMatch2.11.0

f5nginx_instance_managerMatch2.12.0

f5nginx_instance_managerMatch2.13.0

f5nginx_instance_managerMatch2.13.1

f5nginx_instance_managerMatch2.14.0

f5nginx_instance_managerMatch2.14.1

f5nginx_instance_managerMatch2.15.0

f5nginx_instance_managerMatch2.15.1

f5nginx_instance_managerMatch2.16.0

f5nginx_instance_managerMatch2.2.0

f5nginx_instance_managerMatch2.3.0

f5nginx_instance_managerMatch2.3.1

f5nginx_instance_managerMatch2.4.0

f5nginx_instance_managerMatch2.5.0

f5nginx_instance_managerMatch2.5.1

f5nginx_instance_managerMatch2.6.0

f5nginx_instance_managerMatch2.7.0

f5nginx_instance_managerMatch2.8.0

f5nginx_instance_managerMatch2.9.0

f5nginx_instance_managerMatch2.9.1

f5nginx_security_monitoringMatch1.0.0

f5nginx_security_monitoringMatch1.1.0

f5nginx_security_monitoringMatch1.2.0

f5nginx_security_monitoringMatch1.3.0

f5nginx_security_monitoringMatch1.4.0

f5nginx_security_monitoringMatch1.5.0

f5nginx_security_monitoringMatch1.6.0

f5nginx_security_monitoringMatch1.7.0

f5nginx_security_monitoringMatch1.7.1

f5nginx_plusMatchR26

f5nginx_plusMatchR27

f5nginx_plusMatchR28

f5nginx_plusMatchR29

f5nginx_plusMatchR30

f5nginx_plusMatchR31

f5nginx_service_meshMatch1.1.0

f5nginx_service_meshMatch1.2.0

f5nginx_service_meshMatch1.2.1

f5nginx_service_meshMatch1.3.0

f5nginx_service_meshMatch1.3.1

f5nginx_service_meshMatch1.4.0

f5nginx_service_meshMatch1.4.1

f5nginx_service_meshMatch1.5.0

f5nginx_service_meshMatch1.6.0

f5nginx_service_meshMatch1.7.0

f5nginx_service_meshMatch2.0.0

f5nginxMatch1.27.0

f5nginxMatch1.28.0

f5nginxMatch1.29.0

f5nginxMatch1.29.1

f5nginxMatch1.30.0

f5nginxMatch1.31.0

f5nginxMatch1.31.1

f5nginxMatch1.32.0

f5nginxMatch1.32.1

f5f5os\-aMatch1.5.1

f5f5os\-aMatch1.5.2

f5f5os\-aMatch1.7.0

f5f5os\-cMatch1.6.0

f5f5os\-cMatch1.6.1

f5f5os\-cMatch1.6.2

f5big\-iq_centralized_managementMatch8.1.0

f5big\-iq_centralized_managementMatch8.2.0

f5big\-iq_centralized_managementMatch8.3.0

f5big\-ip_ddos_hybrid_defenderMatch15.1.0

f5big\-ip_ddos_hybrid_defenderMatch15.1.1

f5big\-ip_ddos_hybrid_defenderMatch16.1.0

f5big\-ip_ddos_hybrid_defenderMatch17.1.0

f5ssl_orchestratorMatch15.1.0

f5ssl_orchestratorMatch15.1.1

f5ssl_orchestratorMatch15.1.2

f5ssl_orchestratorMatch15.1.9

f5ssl_orchestratorMatch16.1.0

f5ssl_orchestratorMatch16.1.1

f5ssl_orchestratorMatch16.1.3

f5ssl_orchestratorMatch16.1.4

f5ssl_orchestratorMatch17.1.0

f5ssl_orchestratorMatch17.1.1

f5traffix_signaling_delivery_controllerMatch5.1.0

f5traffix_signaling_delivery_controllerMatch5.2.0

CPENameOperatorVersion
big-ip next central managereq20.0.1
big-ip next central managereq20.0.2
big-ip next central managereq20.1.0
big-ip next central managereq20.1.1
big-ip next central managereq20.2.0
big-ip next cgnat cnfeq1.1.0
big-ip next cgnat cnfeq1.1.1
big-ip next cgnat cnfeq1.2.0
big-ip next cgnat cnfeq1.2.1
big-ip next cgnat cnfeq1.3.0

Name	Operator	Version
big-ip next central manager	eq	20.0.1
big-ip next central manager	eq	20.0.2
big-ip next central manager	eq	20.1.0
big-ip next central manager	eq	20.1.1
big-ip next central manager	eq	20.2.0
big-ip next cgnat cnf	eq	1.1.0
big-ip next cgnat cnf	eq	1.1.1
big-ip next cgnat cnf	eq	1.2.0
big-ip next cgnat cnf	eq	1.2.1
big-ip next cgnat cnf	eq	1.3.0